Tidelift helps connect software developers with the people who make open-source software — the developers get better service and support, while the open-source maintainers get financial support for their work.

In the early 2000s, people would balk at the notion of using free, open-source software to run a serious business — companies like Red Hat, which bet its business model on the concept, were seen as oddities.

But times have changed. Open-source software is key to most modern computing infrastructures. And over a decade later, IBM is planning to acquire Red Hat for a colossal $34 billion.

Now Tidelift, a startup founded by a group of former Red Hat employees, wants to repeat the trick and pioneer a new business model for open-source software. On Monday it announced $25 million in new funding from General Catalyst, Foundry Group, and former Red Hat CEO Matthew Szulik.

What Tidelift is trying to do, says its cofounder and CEO, Donald Fischer, is connect the users of open-source software directly with the people who make it.

"It only makes sense that it should be in our self-interest to pay the maintainers" of open-source software, Fischer told Business Insider. "If we don't do that, it's going to be a rough 2019. We need to set ourselves up with decades of more success."

Often, open-source projects are maintained by enthusiasts in their spare time as an act of altruism for the developer community. But those maintainers often have day jobs or otherwise don't have the time or financial resources to work on the project full time. Open-source software is always free, and free doesn't pay the bills.

This results in undermaintained open-source software, Fischer said, where security holes and other bugs go unpatched in even reasonably popular projects. That in turn makes it harder for businesses to rely on open-source software — and sometimes drives them to pricier, but better-supported, commercial products from the likes of Oracle or Microsoft.

That's where Tidelift comes in, Fischer says. If you're a development team that subscribes to Tidelift, your subscription fee gets disbursed to the maintainers of the open-source projects you're using — provided those maintainers have also signed up for Tidelift. In return, maintainers provide the tech support and fixes needed to put open-source software to work.

"We observed that there's a two-sided marketplace at work around open-source software," Fischer said. "There's various individuals and teams creating software for different reasons. There's been a missed opportunity where organizations consuming that software would be interested in paying for additional assurances, and many people who would be interested in getting paid for those services."

'Cracks' in the open-source business

The founders of Tidelift have been working together in the open-source industry for the past 20 years, including at Red Hat. Fischer recalled that when IBM announced it would acquire Red Hat, it was "both gratifying and a little saddening."

The new funding comes after a tumultuous year in the industry that brought its traditional business model under fresh scrutiny.

"It was sort of an amazing year for open source," Fischer said. "At the same time, there are cracks forming around open source."

In the traditional open-source business model, called "open core," companies like MongoDB, Elastic, and even Red Hat offer free open-source software that anyone can download and use as they wish, and they make money by charging for tech support and extra features that make the software more suitable for businesses.

The rise of cloud computing has thrown an interesting wrinkle into that formula, as cloud platforms like Amazon Web Services and Microsoft Azure take the free open-source software created by the open-source community, package it into a paid service, and offer it to their own customers for a profit. It's all perfectly legal, but the practice has sparked some backlash from smaller open-source companies, many of which have been making defensive moves.

Tidelift believes that its subscription solution can thread that needle, offering a way for open-source developers to make money without having to worry about a major cloud platform — or anybody else — eating their lunch.

The Tidelift solution

From Fischer's perspective, it's crucial that maintainers get the financial support to continue their open-source work. With the funding, Tidelift plans to expand its coverage and bring more open-source projects into the fold, at a time when it sees good open-source maintenance as more vital than ever.

In November, the world got an object lesson in the value of good open-source maintenance when an open-source JavaScript package called "event-stream," which had about 100 million downloads a year and was used by the BBC and Microsoft, was found to have bitcoin-stealing malware that was snuck in by a malicious third party.

While things don't always get that dramatic, a Tidelift subscription could give developers peace of mind that their open-source software is getting timely updates and security fixes, Fischer said. That's something you don't get if you download open-source software from the internet and just start using it.

"Open-source software hasn't traditionally come with those guarantees," Fischer said. "It does come with the guarantee that you can make a copy of it. Just because you can make a copy and download it from GitHub doesn't mean anyone's ready to keep it working and keeping it well-maintained."